SHA256: e65fcf210f2dca53d12c7d9fd626ca49d4164884aac55e9eb33a66a8d10fa0d2
File name: Download Free Driver Scout.exe
Detection ratio: 6 / 56
Analysis date: 2014-12-19 17:10:36 UTC ( 4 years, 3 months ago )
Antivirus              Result (- = no detection)            Update
Avast                  Win32:DownloadGuide-H [PUP]          20141219
AVG                    Covusfreemium.11D                    20141219
ESET-NOD32             a variant of Win32/DownloadGuide.D   20141219
K7AntiVirus            Unwanted-Program ( 0040f9bd1 )       20141219
K7GW                   Unwanted-Program ( 0040f9bd1 )       20141219
Malwarebytes           PUP.Optional.DownloadGuide           20141219
Ad-Aware               -                                    20141219
AegisLab               -                                    20141219
Yandex                 -                                    20141217
AhnLab-V3              -                                    20141219
ALYac                  -                                    20141219
Antiy-AVL              -                                    20141219
Avira (no cloud)       -                                    20141219
AVware                 -                                    20141219
Baidu-International    -                                    20141219
BitDefender            -                                    20141219
Bkav                   -                                    20141219
ByteHero               -                                    20141219
CAT-QuickHeal          -                                    20141219
ClamAV                 -                                    20141219
CMC                    -                                    20141218
Comodo                 -                                    20141219
Cyren                  -                                    20141219
DrWeb                  -                                    20150104
Emsisoft               -                                    20141219
F-Prot                 -                                    20141219
F-Secure               -                                    20150104
Fortinet               -                                    20141219
GData                  -                                    20141219
Ikarus                 -                                    20141219
Jiangmin               -                                    20141218
Kaspersky              -                                    20150104
Kingsoft               -                                    20141219
McAfee                 -                                    20141219
McAfee-GW-Edition      -                                    20150104
Microsoft              -                                    20141219
eScan                  -                                    20141219
NANO-Antivirus         -                                    20141219
Norman                 -                                    20141219
nProtect               -                                    20141219
Panda                  -                                    20141219
Qihoo-360              -                                    20141219
Rising                 -                                    20141218
Sophos AV              -                                    20141219
SUPERAntiSpyware       -                                    20141219
Symantec               -                                    20141219
Tencent                -                                    20141219
TheHacker              -                                    20141219
TotalDefense           -                                    20141219
TrendMicro             -                                    20141219
TrendMicro-HouseCall   -                                    20141219
VBA32                  -                                    20141219
VIPRE                  -                                    20141219
ViRobot                -                                    20141219
Zillya                 -                                    20141219
Zoner                  -                                    20141219
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block and FileVersionInfo properties
Publisher Covus Freemium GmbH
Signature verification Signed file, verified signature
Signers
[+] Covus Freemium GmbH
Status Valid
Issuer None
Valid from 10:21 AM 1/28/2013
Valid to 10:21 AM 1/29/2015
Valid usage Code Signing
Algorithm SHA1
Thumbprint 3B19AB00759E5F097235F50EEF1AF68221C44F1B
Serial number 11 21 1D BC B8 A0 7E D4 07 61 2F C4 06 EF D2 59 BE 29
[+] GlobalSign CodeSigning CA - G2
Status Valid
Issuer None
Valid from 11:00 AM 4/13/2011
Valid to 11:00 AM 4/13/2019
Valid usage Code Signing
Algorithm SHA1
Thumbprint 9000401777DD2B43393D7B594D2FF4CBA4516B38
Serial number 04 00 00 00 00 01 2F 4E E1 35 5C
[+] GlobalSign
Status Valid
Issuer None
Valid from 1:00 PM 9/1/1998
Valid to 1:00 PM 1/28/2028
Valid usage Server Auth, Client Auth, Code Signing, Email Protection, Timestamp Signing, OCSP Signing, EFS, IPSEC Tunnel, IPSEC User, IPSEC IKE Intermediate
Algorithm SHA1
Thumbprint B1BC968BD4F49D622AA89A81F2150152A41D829C
Serial number 04 00 00 00 00 01 15 4B 5A C3 94
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-12-18 12:25:54
Entry Point 0x000222D1
Number of sections 5
PE sections
PE imports
RegCreateKeyExW
RegDeleteValueW
RegCloseKey
RegSetValueExW
RegQueryInfoKeyW
RegEnumKeyExW
RegOpenKeyExW
RegDeleteKeyW
RegQueryValueExW
GetDeviceCaps
DeleteDC
SelectObject
GetStockObject
CreateSolidBrush
GetObjectW
CreateCompatibleDC
DeleteObject
GetStdHandle
InterlockedPopEntrySList
EncodePointer
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
FreeEnvironmentStringsW
SetStdHandle
GetCPInfo
WriteFile
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
FreeLibrary
InterlockedPushEntrySList
LoadResource
FindClose
TlsGetValue
GetFullPathNameW
SetLastError
InterlockedDecrement
GetModuleFileNameW
IsDebuggerPresent
HeapAlloc
HeapSetInformation
UnhandledExceptionFilter
LoadLibraryExW
MultiByteToWideChar
FlushInstructionCache
SetUnhandledExceptionFilter
MulDiv
IsProcessorFeaturePresent
DecodePointer
TerminateProcess
GlobalAlloc
GetCurrentThreadId
InterlockedIncrement
WriteConsoleW
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
SetHandleCount
LoadLibraryW
GetOEMCP
QueryPerformanceCounter
GetTickCount
TlsAlloc
FlushFileBuffers
lstrcmpiW
RtlUnwind
GetStartupInfoW
GlobalLock
GetProcessHeap
FindNextFileW
FindFirstFileW
lstrcmpW
GetProcAddress
CreateFileW
GetFileType
TlsSetValue
ExitProcess
LeaveCriticalSection
GetLastError
LCMapStringW
GetConsoleCP
GetEnvironmentStringsW
GlobalUnlock
lstrlenW
SizeofResource
GetCurrentProcessId
GetCommandLineW
WideCharToMultiByte
HeapSize
InterlockedCompareExchange
RaiseException
TlsFree
SetFilePointer
ReadFile
CloseHandle
GetACP
GetModuleHandleW
IsValidCodePage
HeapCreate
FindResourceW
VirtualFree
Sleep
VirtualAlloc
VarUI4FromStr
VariantChangeType
SysStringLen
LoadRegTypeLib
SysStringByteLen
VarBstrCat
VariantClear
SysAllocString
OleCreateFontIndirect
DispCallFunc
VariantCopy
LoadTypeLib
SysFreeString
SysAllocStringByteLen
VariantInit
SetFocus
RegisterWindowMessageW
GetMonitorInfoW
GetClassInfoExW
RedrawWindow
BeginPaint
DefWindowProcW
KillTimer
GetMessageW
ShowWindow
MapWindowPoints
GetParent
SetWindowLongW
IsWindow
PeekMessageW
GetWindowRect
EndPaint
UpdateWindow
MoveWindow
SetWindowPos
TranslateMessage
GetWindowTextLengthW
PostMessageW
GetSysColor
DispatchMessageW
GetDC
ReleaseDC
SendMessageW
UnregisterClassA
GetWindowLongW
IsWindowVisible
SetWindowTextW
GetDlgItem
GetWindow
CallWindowProcW
MonitorFromWindow
ClientToScreen
InvalidateRect
SetTimer
GetClientRect
GetClassNameW
FillRect
CreateAcceleratorTableW
GetWindowTextW
GetDesktopWindow
LoadCursorW
GetFocus
CreateWindowExW
RegisterClassExW
CharNextW
IsChild
DestroyWindow
CreateStreamOnHGlobal
OleLockRunning
CoTaskMemAlloc
CoTaskMemRealloc
CoCreateInstance
OleUninitialize
CoTaskMemFree
OleInitialize
Number of PE resources by type
RT_ICON 8
RT_MANIFEST 1
RT_VERSION 1
RT_RCDATA 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 12
PE resources
ExifTool file metadata
UninitializedDataSize 0
LinkerVersion 10.0
ImageVersion 0.0
FileVersionNumber 3.1.0.162
LanguageCode Russian
FileFlagsMask 0x003f
CharacterSet Unicode
InitializedDataSize 276480
MIMEType application/octet-stream
FileVersion 3.1.0.162
TimeStamp 2014:12:18 13:25:54+01:00
FileType Win32 EXE
PEType PE32
FileAccessDate 2014:12:30 07:00:03+01:00
SubsystemVersion 5.1
OSVersion 5.1
FileCreateDate 2014:12:30 07:00:03+01:00
FileOS Windows NT 32-bit
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CodeSize 322048
FileSubtype 0
ProductVersionNumber 3.1.0.162
EntryPoint 0x222d1
ObjectFileType Executable application

File identification
MD5 5604ecccfc5e3ca0bdfaf57541199968
SHA1 605eb6b4996d32acf0e94f649c1607cf302fe8df
SHA256 e65fcf210f2dca53d12c7d9fd626ca49d4164884aac55e9eb33a66a8d10fa0d2
ssdeep 12288:VzibiMHOclNu4ctei2s2+YgUnkYx5AsZNFSRuVX1ZI5dZE:V2uMblE7tei2s2+Enb4sZHbVFZIS
authentihash bcf4daa0a14170f5509eedd44c4cfb9441000e0ca66d8595df8639ff4dc79508
imphash ef6e1e51e75793ba0f6e557f24647a95
File size 578.8 KB ( 592720 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (67.3%)
Win32 Dynamic Link Library (generic) (14.2%)
Win32 Executable (generic) (9.7%)
Generic Win/DOS Executable (4.3%)
DOS Executable Generic (4.3%)
Tags peexe signed

VirusTotal metadata
First submission 2014-12-19 17:10:36 UTC ( 4 years, 3 months ago )
Last submission 2014-12-19 17:10:36 UTC ( 4 years, 3 months ago )
File names Download Free Driver Scout.exe
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Created processes
Shell commands
Created mutexes
Opened mutexes
Opened service managers
Opened services
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
HTTP requests
DNS requests
TCP connections